> ## Documentation Index
> Fetch the complete documentation index at: https://docs.statproxies.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> API keys and authentication for the Stat Proxies API.

All requests require a Bearer token in the Authorization header.

```bash theme={null}
Authorization: Bearer {your_api_key}
```

## Get an API key

<Steps>
  <Step title="Log in">
    Visit [dashboard.statproxies.com](https://dashboard.statproxies.com)
  </Step>

  <Step title="Navigate to API Keys">
    Go to **Settings → API Keys**
  </Step>

  <Step title="Create key">
    Configure permissions and copy your key securely
  </Step>
</Steps>

<Warning>
  Store your API key securely. You won't be able to see it again after creation.
</Warning>

## Key types

<CardGroup cols={2}>
  <Card title="Personal Keys" icon="user">
    Access your individual orders and resources
  </Card>

  <Card title="Organization Keys" icon="building">
    Access organization-owned resources
  </Card>
</CardGroup>

## Available services

| Service   | Description                         |
| --------- | ----------------------------------- |
| `order`   | Create, read, update, delete orders |
| `account` | Access account information          |

## Example requests

<Tabs>
  <Tab title="cURL">
    ```bash theme={null}
    curl -X GET "https://dashboard.statproxies.com/api/v2/order/list" \
      -H "Authorization: Bearer sk_live_abc123..."
    ```
  </Tab>

  <Tab title="JavaScript">
    ```javascript theme={null}
    const response = await fetch(
      'https://dashboard.statproxies.com/api/v2/order/list',
      {
        headers: {
          'Authorization': 'Bearer sk_live_abc123...',
          'Content-Type': 'application/json'
        }
      }
    );
    const data = await response.json();
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    import requests

    response = requests.get(
        'https://dashboard.statproxies.com/api/v2/order/list',
        headers={
            'Authorization': 'Bearer sk_live_abc123...',
            'Content-Type': 'application/json'
        }
    )
    data = response.json()
    ```
  </Tab>
</Tabs>

## Error responses

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    Invalid or missing API key.

    ```json theme={null}
    { "error": "invalid_api_key" }
    ```

    **Causes**: Missing header, incorrect key, expired key
  </Accordion>

  <Accordion title="403 Forbidden">
    Insufficient permissions for the requested action.

    ```json theme={null}
    { "error": "insufficient_permissions" }
    ```

    **Causes**: Service not enabled, accessing other user's resources
  </Accordion>
</AccordionGroup>

## Best practices

<CardGroup cols={2}>
  <Card title="Keep Secret" icon="lock">
    Never expose keys in client-side code
  </Card>

  <Card title="Environment Variables" icon="terminal">
    Store keys in env vars, not code
  </Card>

  <Card title="Rotate Regularly" icon="rotate">
    Create new keys and revoke old ones
  </Card>

  <Card title="Least Privilege" icon="shield">
    Only enable required services
  </Card>
</CardGroup>

## Managing keys

* **View**: See all active keys, creation date, last used
* **Revoke**: Immediately disable a key (cannot be undone)

<Info>
  Organization API keys scope all requests to the organization's context—orders, billing, and resources.
</Info>
